
AZURE AD B2C CUSTOM POLICIES (SERIES)

PREFACE


TLDR;

This post kicks off a series in which I'll be working with Azure Active Directory B2C (AADB2C) across the Azure Portal, the custom policy configuration files, and a .NET Core application with read/write permissions to AADB2C users.

If you just want to see the resulting files, go to the source code repository.

Introduction

Azure Active Directory B2C (AADB2C) is an identity management service (ref. 1).

Before your applications can interact with AADB2C, they must be registered in a tenant that you manage. An Azure AD tenant represents an organisation and contains a collection of identities to be used with applications (ref. 2). An application that only allows certain interactions based on verifying and trusting the identity of a user is then considered a relying party.

AADB2C includes predefined, configurable policies called user flows. User flows define how users interact with an application. In the context of identity management, the interaction might be to sign in, sign up, edit a profile, or reset a password (ref. 3).

Custom policies can be used for more complex scenarios where the built-in user flows do not meet the requirements for your application. Custom policies are defined by configuration files that specify the behaviour of your AADB2C tenant (ref. 4).

Prerequisites

Before we start setting up custom policies, I will assume you have gone through the guide Get started with custom policies in Azure Active Directory B2C, as well as its own prerequisite articles on Microsoft's website.

In my experience, it is important that the IdentityExperienceFramework and ProxyIdentityExperienceFramework applications are created under the 'App registrations' blade of the 'Azure Active Directory' service. The webapp (ref. 1) application, which is created in the prerequisite article Register your application and referred to in the Get started with custom policies in Azure Active Directory B2C article, should instead be created under the 'App registrations' blade of the 'Azure AD B2C' service.


Scope

Once you're done setting up the basics in AADB2C you might already have been introduced to the following three files:

Base file - Few modifications are required to the base. Example: TrustFrameworkBase.xml

Extension file - This file is where most configuration changes are made. Example: TrustFrameworkExtensions.xml

Relying party files - Task-specific files called by your application. Examples: SignUpOrSignin.xml, ProfileEdit.xml, PasswordReset.xml

(The above descriptions are copied verbatim from the guide Get started with custom policies in Azure Active Directory B2C.)

It is the 'Extension file' and 'Relying party files' that we will be working with.

The scope of future posts will be limited to the 'LocalAccounts' starter pack (a repository linked to in Get started with custom policies in Azure Active Directory B2C).
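To make the relationship between the three files concrete, here is an added example of a minimal relying party file in the 'LocalAccounts' layout. It is not taken from the post or from the starter pack itself; the tenant name is a placeholder, and the claim types listed are assumed to be declared in the base file.

```xml
<!-- Added example (not from the post or the starter pack): a minimal relying party file.
     It only overrides what this task needs; everything else is inherited through <BasePolicy>.
     'yourtenant.onmicrosoft.com' is a placeholder; the claim types are assumed to exist in the base file. -->
<TrustFrameworkPolicy
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0"
  TenantId="yourtenant.onmicrosoft.com"
  PolicyId="B2C_1A_signup_signin"
  PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">

  <!-- Inheritance chain: this file -> TrustFrameworkExtensions.xml -> TrustFrameworkBase.xml.
       The extension file's own <BasePolicy> points at B2C_1A_TrustFrameworkBase in the same way. -->
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>

  <RelyingParty>
    <!-- The user journey itself lives in the base/extension files; this file only selects it. -->
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <!-- Only the claims listed here are released in the token issued to the application,
           so keep this list to what the application actually needs. -->
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="surname" />
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
```

Because each file names its parent by PolicyId, the files have to be uploaded in order: base first, then the extension file, then each relying party file. Uploading a relying party file before its parent exists in the tenant fails validation.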

By the end of this series of posts on AADB2C, we will be able to:

a. Customise various aspects related to custom policies:

  1. Define and add claims
  2. Transform claims
  3. Localise texts in user flows based on custom policies
  4. Add and update user journeys
  5. Add configuration for relying parties

b. Add and get users via Microsoft Graph API

Next steps

Go to the next post in this series Azure AD B2C Custom Policies (Series): Extension File.

References

  1. Azure Active Directory B2C documentation
  2. Active Directory B2C FAQ
  3. User flow overview
  4. Get started with custom policies in Azure Active Directory B2C